> ## Documentation Index
> Fetch the complete documentation index at: https://docs.periscope.sh/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> How to authenticate with the Periscope deployment webhook API.

The deployment webhook API uses Bearer token authentication with API keys.

## Generating an API key

1. Sign in to the Periscope dashboard ([join the waitlist](https://tally.so/r/MeAqPM) if you don't have access yet)
2. Navigate to **Settings > Deployments**
3. Click **Generate API Key**
4. Copy the key immediately

<Warning>
  The API key is shown only once. If you lose it, you will need to generate a new one. The old key remains active — you can revoke it from the settings page.
</Warning>

## Using the API key

Include the API key in the `Authorization` header of every request:

```bash theme={"system"}
curl -X POST https://app.periscope.sh/api/webhooks/deployments \
  -H "Authorization: Bearer psk_live_xxxxxxxxxxxxxxxxxxxx" \
  -H "Content-Type: application/json" \
  -d '{ ... }'
```

## Key properties

| Property          | Details                                                     |
| ----------------- | ----------------------------------------------------------- |
| **Scope**         | Each key is scoped to a single organization                 |
| **Rate limiting** | Contact support for rate limit details                      |
| **Revocation**    | Keys can be revoked from **Settings > Deployments**         |
| **Format**        | Keys are prefixed for identification (e.g., `psk_live_...`) |

## Organization resolution

The API key determines which organization the deployment is recorded for. You do not need to include an organization identifier in the payload.

If you optionally include `organizationSlug` in the payload, Periscope validates that it matches the key's organization. This is a safety check to prevent accidental cross-organization ingestion.

## Error responses

| Status                  | Meaning                                               |
| ----------------------- | ----------------------------------------------------- |
| `401 Unauthorized`      | Missing or invalid API key                            |
| `403 Forbidden`         | Key is valid but the organization slug does not match |
| `429 Too Many Requests` | Rate limit exceeded                                   |
